
Hacked through Discord

Hanka130
Visitor
Posts: 37
Registered: 06 Aug 2007 17:47

Hacked through Discord

#1 Post by Hanka130 »

Hello, 5 days ago I got an email saying that someone had tried to log in to a web forum using my email address. I don't know exactly what leaked, but he got into my Discord through my own mistake.
Could he have downloaded my passwords?
I accidentally clicked on some link on Discord.
Should I reinstall the PC? Is it possible to tell whether something is still there?
Thank you

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Hacked through Discord

#2 Post by Rudy »

Hello!
If he broke in through your PC, it is advisable to run a check. Post the FRST+Addition logs: http://forum.viry.cz/viewtopic.php?f=24&t=132509 . But if he broke in directly by cracking the password, we won't find anything on the PC. Change your passwords, of course.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Hanka130
Visitor
Posts: 37
Registered: 06 Aug 2007 17:47

Re: Hacked through Discord

#3 Post by Hanka130 »

I'm sending the logs, hopefully correctly:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2023
Ran by Miroslav (administrator) on HOLUB (Micro-Star International Co., Ltd. MS-7C84) (25-01-2023 15:35:11)
Running from C:\Users\Miroslav\Desktop
Loaded Profiles: Miroslav
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2486 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\Garmin\Express\express.exe ->) (The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe <2>
(C:\Program Files (x86)\HyperX\NGenuity\NGenuity.exe ->) (Kingston Technology Company, Inc. -> HyperX NGenuity Software) C:\Program Files (x86)\HyperX\NGenuity\Device\Cloud Flight\NGenuity.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(cmd.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Discord Inc. -> Discord Inc.) C:\Users\Miroslav\AppData\Local\Discord\app-1.0.9010\Discord.exe <6>
(DriverStore\FileRepository\u0386458.inf_amd64_e0283e9e7966f704\B386218\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386458.inf_amd64_e0283e9e7966f704\B386218\atieclxx.exe
(Elaborate Bytes AG -> Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(explorer.exe ->) (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12>
(explorer.exe ->) (Kingston Technology Company, Inc. -> HyperX NGenuity Software) C:\Program Files (x86)\HyperX\NGenuity\NGenuity.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(explorer.exe ->) (Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(explorer.exe ->) (Spotify AB -> Spotify Ltd) C:\Users\Miroslav\AppData\Roaming\Spotify\Spotify.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(MICRO-STAR INTERNATIONAL CO., LTD) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.6.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386458.inf_amd64_e0283e9e7966f704\B386218\atiesrxx.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Game Highlights\MSI_Companion_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85cff5320735903d\RtkAudUService64.exe <2>
(svchost.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe <2>
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\True Color\New\MSI.True Color.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControlEngine.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3190384 2021-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_85cff5320735903d\RtkAudUService64.exe [3378592 2021-10-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [CL-26-5BF6A136-F6D4-4C83-87D3-7BAE54B21E53] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-26-5BF6A136-F6D4-4C83-87D3-7BAE54B21E53\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-26-5BF6A136-F6D4-4C83-87D3-7BAE54B (the data entry has 7 more characters). (No File)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194704 2023-01-17] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090168 2022-12-09] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart (No File)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [Gaijin.Net Updater] => C:\Users\Miroslav\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [3036096 2022-10-21] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32754128 2022-12-28] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4246376 2022-12-15] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2176176 2023-01-22] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [NGenuity] => C:\Program Files (x86)\HyperX\NGenuity\NGenuity.exe [1834184 2020-10-08] (Kingston Technology Company, Inc. -> HyperX NGenuity Software)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [MicrosoftEdgeAutoLaunch_AD05EF304ABE52FF05DAAF39D0B0142B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188616 2023-01-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [Spotify] => C:\Users\Miroslav\AppData\Roaming\Spotify\Spotify.exe [20511096 2023-01-19] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31298328 2022-11-03] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [155544 2022-08-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Run: [Discord] => C:\Users\Miroslav\AppData\Local\Discord\Update.exe [1525016 2022-12-09] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\MountPoints2: {c0d5ff71-718e-11ec-ae98-74d83eef8cec} - "P:\setup.exe"
HKLM\...\Windows x64\Print Processors\Canon G3020 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDGL.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MG5700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCS.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor G3020 series: C:\Windows\system32\CNMLMGL.DLL [962560 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series: C:\Windows\system32\CNMLMCS.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.75\Installer\chrmstp.exe [2023-01-15] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02F7FD9C-383B-47E7-8AE3-773C70BBE14F} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {2BCFD5EE-093D-4D64-A255-BF229B44CFC7} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [954808 2022-11-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {2E09B23D-96EA-4B29-81A1-FF65BDCC1413} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141216 2023-01-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {37ADE140-04B0-404B-B3D1-5F6E1EE5D065} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141216 2023-01-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {38B51D2A-B410-4DC1-9BF3-D239570E2B56} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\26.0.1.231\WatchDog.exe repair (No File)
Task: {3A305DC9-59EE-4CAC-A3C2-7C0F404D9DF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {3CC2847A-A17D-45B2-ABEF-33CD3F5B0779} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {3CF01049-7BAB-48D5-A61C-D7F903343DA4} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe --type=heartbeat --logon (No File)
Task: {3DD0FCE1-096A-4716-8E91-0F4D48007636} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe --type=heartbeat --hourly (No File)
Task: {475D9AFC-00AF-4E88-9DDF-84490759EE93} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {54A989D1-5152-484B-8A02-D8B2566F82DD} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [291768 2022-11-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {55E4291D-6E87-4896-83AC-DAB454AA059D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {577855B5-8BD4-4775-A0D2-78598E396ABE} - System32\Tasks\MSI Task Host - FixNorton.exe => C:\Program Files (x86)\MSI\MSI Center\PushCast\Push20221215131801\FixNorton.exe (No File)
Task: {811F3D0E-6781-4EAB-98C8-C9A36DB8D95D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Miroslav\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {8AD36A14-7165-4D2D-BAAF-BB1327F47B8B} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [954808 2022-11-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {91FA806E-B376-41EC-8CE0-0293F8A9D8E2} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [183224 2022-11-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {A8DB95BE-89EA-4BFC-BAB1-194C03900B62} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe [2410616 2022-12-02] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {A9907312-05F0-42DE-BFA8-D8FA8EC649E2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [56760 2022-11-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {AAA1EC40-610B-4C87-9633-88749F52305B} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /c (No File)
Task: {B2E7B628-0993-4461-8986-95B2E7BA37BD} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Miroslav => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5658384 2019-07-10] (Janos Mathe -> H.D.S. Hungary)
Task: {BD7CBDD3-701E-4EC6-8EF9-D5391DF51614} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [669320 2022-03-23] (Advanced Micro Devices Inc. -> )
Task: {C78BF875-30A3-4EE8-A2A4-9A332833BCFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-01] (Google LLC -> Google LLC)
Task: {D6E60CD1-E1F1-4A41-98C6-B64E0D400F7C} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Miroslav\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {E2117807-B20E-4E51-9A5F-F0AC76C388E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-01] (Google LLC -> Google LLC)
Task: {E6EE9300-C453-4974-B269-8F642BDA8598} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [954808 2022-11-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {F6977CA6-3418-4CB8-A340-C2279E320371} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [29464 2022-11-03] (Garmin International, Inc. -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.0.254 10.1.0.1
Tcpip\..\Interfaces\{23afd004-d0b6-4e50-8551-ea84601fa1e9}: [NameServer] 198.51.100.1
Tcpip\..\Interfaces\{23afd004-d0b6-4e50-8551-ea84601fa1e9}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{e30e0cc3-cf11-4006-a08b-106e73a7a452}: [DhcpNameServer] 10.1.0.254 10.1.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Miroslav\AppData\Local\Microsoft\Edge\User Data\Default [2023-01-25]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Miroslav\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2022-12-13]
Edge Extension: (Translator) - C:\Users\Miroslav\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdkmohnpfdennnemmjekmmiibgfddako [2022-01-08]
Edge Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Miroslav\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-12-21]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @google.com/npwebplugin -> C:\Windows\system32\npwebplugin.dll [No File]
FF Plugin-x32: @google.com/zxwebplugin -> C:\Windows\system32\npzxwebplugin.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default [2023-01-25]
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (uBlock Origin) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-01-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-22]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-12-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-01]
CHR Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2023-01-12]
CHR Extension: (Tmavý režim - Tmavé téma) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbgfifennfhnbkhoidkdchbflppjncb [2022-12-13]
CHR Profile: C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-01-25]
CHR Profile: C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-01-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-06]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-12-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-01]
CHR Profile: C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\System Profile [2023-01-25]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2023-01-24] (BattlEye Innovations e.K. -> )
R2 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [156552 2019-11-12] (Canon Inc. -> CANON INC.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9198496 2022-11-30] (Microsoft Corporation -> Microsoft Corporation)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [10032232 2023-01-17] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-01-23] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3549872 2023-01-17] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3549872 2023-01-17] (ESET, spol. s r.o. -> ESET)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-10-01] (Epic Games Inc. -> Epic Games, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [445432 2021-04-19] (Canon Inc. -> )
R2 LightKeeperService; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe [86776 2020-12-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8891160 2023-01-16] (Malwarebytes Inc. -> Malwarebytes)
R2 MSI_Case_Service; C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe [69240 2022-11-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_Center_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [150176 2022-08-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_Companion_Service; C:\Program Files (x86)\MSI\MSI Center\Game Highlights\MSI_Companion_Service.exe [140528 2022-05-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [34032 2022-05-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe [37616 2022-04-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-11-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 AfVpnService; "C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe" [X]
S2 ccleaner; "C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe" /svc [X]
S3 CCleanerBrowserElevationService; "C:\Program Files (x86)\CCleaner Browser\Application\105.0.18469.129\elevation_service.exe" [X]
S3 ccleanerm; "C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [35344 2022-09-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R2 AMDRyzenMasterDriverV19; C:\Windows\system32\AMDRyzenMasterDriver.sys [43336 2022-11-30] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_1a1a381a2c0e293c\amdsafd.sys [113056 2022-08-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0386458.inf_amd64_e0283e9e7966f704\B386218\amdkmdag.sys [94464432 2022-12-07] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [59920 2022-05-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 atvi-brynhildr; C:\ProgramData\Battle.net_components\brynhildr_odin2\brynhildr.sys [2188544 2022-05-25] (Activision Publishing Inc -> Activision Blizzard, Inc.)
S3 atvi-geirdriful; C:\ProgramData\Battle.net_components\geirdrifulfore\geirdriful.sys [2175752 2023-01-15] (Activision Publishing Inc -> Activision Blizzard, Inc.)
S3 atvi-randgrid; C:\ProgramData\Battle.net_components\randgridauks\randgrid.sys [2877704 2023-01-10] (Activision Publishing Inc -> Activision Blizzard, Inc.)
R1 bdvpn_netfilter; C:\Windows\System32\drivers\bdvpn_netfilter.sys [94600 2021-09-16] (Pango Inc. -> Pango Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [198416 2023-01-17] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2022-08-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [237208 2023-01-17] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [55392 2023-01-17] (ESET, spol. s r.o. -> ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S4 epfw; C:\Windows\system32\DRIVERS\epfw.sys [81696 2023-01-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [122504 2023-01-17] (ESET, spol. s r.o. -> ESET)
S3 GridinSoftInetSecurityDriver; C:\Windows\system32\DRIVERS\gsInetSecurity.sys [107784 2022-12-20] (GridinSoft, LLC -> GridinSoft LLC)
S3 GSDriver; C:\Windows\System32\drivers\GSDriver64.sys [55488 2022-12-20] (Microsoft Windows Hardware Compatibility Publisher -> )
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-12-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\MSI Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [28480 2022-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\NTIOLib_X64.sys [14288 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [47920 2021-09-16] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 VClone; C:\Windows\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49616 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [455968 2022-10-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-13] (Microsoft Windows -> Microsoft Corporation)
U4 edevmon; system32\DRIVERS\edevmon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-25 15:35 - 2023-01-25 15:35 - 000032254 _____ C:\Users\Miroslav\Desktop\FRST.txt
2023-01-25 15:35 - 2023-01-25 15:35 - 000000000 ____D C:\FRST
2023-01-25 15:33 - 2023-01-25 15:33 - 002376704 _____ (Farbar) C:\Users\Miroslav\Desktop\FRST64.exe
2023-01-23 21:21 - 2023-01-23 21:21 - 000000000 ____D C:\Users\Miroslav\Documents\Pracovní životopis
2023-01-22 12:18 - 2023-01-22 12:18 - 000000000 ____D C:\Users\Miroslav\AppData\Local\EALaunchHelper
2023-01-22 12:14 - 2023-01-23 21:36 - 000000000 ____D C:\ProgramData\EA Desktop
2023-01-22 12:14 - 2023-01-22 12:36 - 000000000 ____D C:\Users\Miroslav\AppData\Local\Origin
2023-01-22 12:14 - 2023-01-22 12:14 - 000002138 _____ C:\Users\Public\Desktop\EA.lnk
2023-01-22 12:14 - 2023-01-22 12:14 - 000000000 ____D C:\Users\Miroslav\AppData\Local\Electronic Arts
2023-01-22 12:14 - 2023-01-22 12:14 - 000000000 ____D C:\Users\Miroslav\AppData\Local\EADesktop
2023-01-22 12:14 - 2023-01-22 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2023-01-22 12:14 - 2023-01-22 12:14 - 000000000 ____D C:\Program Files\Electronic Arts
2023-01-22 12:14 - 2023-01-22 12:14 - 000000000 ____D C:\Program Files\EA Games
2023-01-21 10:40 - 2023-01-21 10:40 - 000027048 _____ (EasyAntiCheat Oy) C:\Windows\system32\eac_usermode_5031233076948.dll
2023-01-20 18:56 - 2023-01-20 19:09 - 1806930368 _____ C:\Users\Miroslav\Downloads\Borders.Of.Love.2022.Web-Dl.CZ.720p.mkv
2023-01-20 18:52 - 2023-01-20 19:05 - 2870687086 _____ C:\Users\Miroslav\Downloads\Jan-Žižka-WEBRip-CZ-2022.mkv
2023-01-20 18:46 - 2023-01-20 18:47 - 431108343 _____ C:\Users\Miroslav\Downloads\Zakázané sny - CZ dabing, celý film, Fantozzi, Paolo Villaggio (1982).mp4
2023-01-20 17:51 - 2023-01-20 17:53 - 000000000 ____D C:\Users\Miroslav\Downloads\MyDaughtersHotFriend.23.01.20.Athena.Heart.XXX.480p.MP4-XXX
2023-01-18 23:07 - 2023-01-18 23:07 - 000000245 _____ C:\Users\Miroslav\Desktop\Windows 10 Pro Key.txt
2023-01-15 19:03 - 2023-01-15 19:03 - 000000000 ___HD C:\$WinREAgent
2023-01-12 17:07 - 2023-01-12 17:07 - 000000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2022-12-29 12:43 - 2022-12-29 12:43 - 000027048 _____ (EasyAntiCheat Oy) C:\Windows\system32\eac_usermode_860022691154.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-25 15:35 - 2022-12-21 20:53 - 000000000 ____D C:\Users\Miroslav\AppData\Roaming\discord
2023-01-25 15:34 - 2022-01-01 15:12 - 001702404 _____ C:\Windows\system32\PerfStringBackup.INI
2023-01-25 15:34 - 2019-12-07 15:43 - 000720186 _____ C:\Windows\system32\perfh005.dat
2023-01-25 15:34 - 2019-12-07 15:43 - 000146300 _____ C:\Windows\system32\perfc005.dat
2023-01-25 15:34 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-01-25 15:32 - 2022-10-07 16:16 - 000000000 ____D C:\Users\Miroslav\AppData\Local\Spotify
2023-01-25 15:32 - 2022-10-07 16:15 - 000000000 ____D C:\Users\Miroslav\AppData\Roaming\Spotify
2023-01-25 15:31 - 2022-12-21 20:53 - 000000000 ____D C:\Users\Miroslav\AppData\Local\Discord
2023-01-25 15:31 - 2022-01-02 22:23 - 000000000 ____D C:\MSI
2023-01-25 15:31 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-25 15:30 - 2022-12-14 20:39 - 000003104 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2023-01-25 15:30 - 2022-12-14 20:23 - 000003084 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2023-01-25 15:30 - 2022-01-01 17:51 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-25 15:30 - 2022-01-01 15:06 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-01-25 15:02 - 2022-01-01 15:06 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-01-25 15:02 - 2022-01-01 12:31 - 000008192 ___SH C:\DumpStack.log.tmp
2023-01-25 00:48 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-01-24 23:00 - 2022-09-17 17:00 - 000000000 ____D C:\Users\Miroslav\AppData\Local\Ubisoft
2023-01-24 22:57 - 2022-01-03 05:36 - 000000000 ____D C:\Users\Miroslav\AppData\Local\BattlEye
2023-01-24 22:52 - 2022-01-02 09:28 - 000000000 ____D C:\Users\Miroslav\AppData\Local\Ubisoft Game Launcher
2023-01-24 15:56 - 2022-11-21 15:43 - 000000000 ____D C:\Users\Miroslav\AppData\Local\D3DSCache
2023-01-24 15:52 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-01-24 15:52 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-01-23 22:29 - 2022-01-01 18:05 - 000000000 ____D C:\Users\Miroslav\AppData\Local\Battle.net
2023-01-23 22:25 - 2022-06-11 20:57 - 000000000 ____D C:\Users\Miroslav\Documents\Soubory aplikace Outlook
2023-01-22 21:40 - 2022-01-01 23:23 - 000000000 ____D C:\Users\Miroslav\AppData\Local\WarThunder
2023-01-22 12:23 - 2022-01-01 21:22 - 000000000 ____D C:\ProgramData\Origin
2023-01-22 12:14 - 2022-01-01 17:57 - 000000000 ____D C:\ProgramData\Package Cache
2023-01-22 11:52 - 2022-01-02 11:45 - 000000000 ____D C:\Program Files (x86)\Steam
2023-01-22 01:08 - 2022-01-01 15:11 - 000000000 ____D C:\Users\Miroslav
2023-01-21 22:10 - 2022-01-01 18:07 - 000000000 ____D C:\Program Files (x86)\Call of Duty Vanguard
2023-01-21 20:46 - 2022-01-01 15:06 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-01-21 20:46 - 2022-01-01 15:06 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-01-21 12:33 - 2022-11-21 15:43 - 000000000 ____D C:\Users\Miroslav\AppData\Local\AMD_Common
2023-01-21 12:31 - 2022-01-01 21:41 - 000000000 ____D C:\Program Files (x86)\Origin Games
2023-01-20 23:14 - 2022-12-21 20:53 - 000002246 _____ C:\Users\Miroslav\Desktop\Discord.lnk
2023-01-20 23:12 - 2022-01-03 22:10 - 000000000 ____D C:\Users\Miroslav\AppData\Roaming\qBittorrent
2023-01-20 20:18 - 2022-01-01 20:30 - 000000000 ____D C:\Users\Miroslav\AppData\Roaming\vlc
2023-01-20 18:46 - 2022-09-22 17:36 - 000000000 ____D C:\Program Files (x86)\Call of Duty
2023-01-20 18:35 - 2022-01-01 15:11 - 000000000 ____D C:\Users\Miroslav\AppData\Local\Packages
2023-01-20 16:21 - 2022-01-02 07:07 - 000000000 ____D C:\Program Files (x86)\Call of Duty Modern Warfare
2023-01-18 22:10 - 2022-01-01 15:12 - 000003366 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3279423208-2824119255-3985258815-1001
2023-01-18 22:10 - 2022-01-01 15:11 - 000002390 _____ C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-01-18 15:50 - 2022-01-10 21:02 - 000000000 ____D C:\Program Files\Microsoft Office
2023-01-17 20:37 - 2022-08-15 06:31 - 000237208 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2023-01-17 20:37 - 2022-08-15 06:31 - 000198416 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2023-01-17 20:37 - 2022-08-15 06:31 - 000122504 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2023-01-17 20:37 - 2022-08-15 06:31 - 000081696 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2023-01-17 20:37 - 2022-08-15 06:31 - 000055392 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2023-01-16 21:43 - 2022-09-27 16:47 - 000000000 ____D C:\ProgramData\SecTaskMan
2023-01-16 16:35 - 2022-01-02 02:56 - 000001199 _____ C:\Users\Public\Desktop\Apex Legends.lnk
2023-01-15 22:29 - 2022-01-01 17:52 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-15 22:29 - 2022-01-01 17:52 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-01-15 19:35 - 2022-01-01 15:05 - 000368936 _____ C:\Windows\system32\FNTCACHE.DAT
2023-01-15 19:34 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2023-01-15 19:34 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2023-01-15 19:34 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-01-15 19:34 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2023-01-15 19:07 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2023-01-15 19:06 - 2022-01-01 15:09 - 003014656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-01-15 19:03 - 2022-01-01 15:15 - 000000000 ____D C:\Windows\system32\MRT
2023-01-15 19:01 - 2022-01-01 15:15 - 150199536 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-01-12 17:07 - 2022-08-24 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2023-01-12 17:07 - 2022-08-24 14:40 - 000000000 ____D C:\Program Files\CPUID
2023-01-08 15:20 - 2022-10-07 14:16 - 000000000 ____D C:\ProgramData\CanonIJPLM
2023-01-06 15:40 - 2022-01-01 15:06 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-01-06 15:40 - 2022-01-01 15:06 - 000003516 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-01-03 16:46 - 2022-10-20 17:53 - 000000000 ____D C:\Users\Miroslav\AppData\Local\Greenshot
2022-12-30 10:47 - 2022-02-27 10:22 - 000000000 ____D C:\Users\Miroslav\AppData\Roaming\.minecraft
2022-12-30 10:39 - 2022-02-27 10:22 - 000000000 ____D C:\Users\Miroslav\AppData\Roaming\.tlauncher
2022-12-29 20:06 - 2022-03-03 15:41 - 000000000 ____D C:\Users\Miroslav\AppData\Local\CrashDumps
2022-12-28 18:07 - 2022-09-08 15:12 - 000000000 ____D C:\Users\Miroslav\AppData\Roaming\Kodi

==================== Files in the root of some directories ========

2022-08-20 12:43 - 2022-08-20 12:55 - 000012288 _____ () C:\Users\Miroslav\AppData\Roaming\emp.bin

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Hanka130
Visitor
Posts: 37
Registered: 06 Aug 2007 17:47

Re: Hacked via Discord

#4 Post by Hanka130 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2023
Ran by Miroslav (25-01-2023 15:35:53)
Running from C:\Users\Miroslav\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2486 (X64) (2022-01-01 14:08:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3279423208-2824119255-3985258815-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3279423208-2824119255-3985258815-503 - Limited - Disabled)
Guest (S-1-5-21-3279423208-2824119255-3985258815-501 - Limited - Disabled)
Miroslav (S-1-5-21-3279423208-2824119255-3985258815-1001 - Administrator - Enabled) => C:\Users\Miroslav
WDAGUtilityAccount (S-1-5-21-3279423208-2824119255-3985258815-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0) (Version: 14.0 - Adobe Systems Incorporated)
AllDup 4.5.10 (HKLM-x32\...\AllDup_is1) (Version: 4.5.10 - MTSD)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.)
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.89 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.19.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.10 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master (HKLM\...\{02247819-03CD-414E-AC8D-FD518BFBA445}) (Version: 2.9.0.2093 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.9.0.2093 - Advanced Micro Devices, Inc.)
AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.10.0.2198 - Advanced Micro Devices, Inc.)
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.11.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{c63a1907-428b-458b-935e-e61aad4aac6e}) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.) Hidden
ANT Drivers Installer x64 (HKLM\...\{AE17953F-B52A-4D8E-8A6A-8409F127E0B4}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.1.1.6 - Electronic Arts, Inc.)
Ashampoo Burning Studio 21 (HKLM-x32\...\{91B33C97-3390-FD9A-8E0F-3F6BA7865E46}_is1) (Version: 21.6.1 - Ashampoo GmbH & Co. KG)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.64.43202 - Electronic Arts)
Bitwarden (HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2022.9.1 - Bitwarden Inc.)
Black Mesa verze 0.2.1 (HKLM-x32\...\Black Mesa_is1) (Version: 0.2.1 - Tomi2k9)
Branding64 (HKLM\...\{0DB6E0DC-607A-42C1-A3CE-7567A9F85AF4}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
Call of Duty (HKLM-x32\...\Call of Duty) (Version: - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
Call of Duty Vanguard (HKLM-x32\...\Call of Duty Vanguard) (Version: - Blizzard Entertainment)
Canon Easy-PhotoPrint Editor (HKLM-x32\...\Canon Easy-PhotoPrint Editor) (Version: 1.7.1 - Canon Inc.)
Canon G3020 series Driver (HKLM\...\{1199FAD5-9546-44F3-81CF-FFDB8040B7BF}_Canon_G3020_series) (Version: 1.02 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.61.1.10 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.0.2 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.4.0 - Canon Inc.)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1208.2 - Piriform Software) Hidden
CPUID HWMonitor 1.48 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.48 - CPUID, Inc.)
Discord (HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Discord) (Version: 1.0.9008 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.89.0.5346 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{7515da3b-8260-4704-9a2f-6e7ec6d838d5}) (Version: 12.89.0.5346 - Electronic Arts)
Elevated Installer (HKLM-x32\...\{0794CCAE-DAB3-4FAC-85C2-4B9F5DCCF614}) (Version: 7.15.2.0 - Garmin Ltd or its subsidiaries) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{6b617af3-c8f4-45a8-bf47-b32ffb4da1cc}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_External_Device_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.10.4 - ENE Tech) Hidden
ENE_External_Device_HAL (HKLM-x32\...\{38581c7d-8a6c-4129-9046-8f5df621478b}) (Version: 1.0.10.4 - ENE Tech) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
ESET Security (HKLM\...\{62EF5AA8-63FA-49D4-996E-26F393064303}) (Version: 16.0.26.0 - ESET, spol. s r.o.)
Forza Horizon 4 (HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Forza Horizon 4) (Version: - HOODLUM)
Garmin Express (HKLM-x32\...\{799EBEC4-CDFD-41D8-904A-4B968C64DF51}) (Version: 7.15.2.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bde189fe-7f26-4da7-9c02-f68549544aff}) (Version: 7.15.2.0 - Garmin Ltd or its subsidiaries)
God of War (HKLM-x32\...\FLT_GodOfWar) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.75 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.50 - Janos Mathe)
HiP2P Client (HKLM-x32\...\{2F3762A1-58CA-43A8-9854-88BCC34C6D2F}) (Version: 6.5.2.4 - Hi)
HyperX NGenuity Software (HKLM-x32\...\{28211B6A-65EE-4713-8677-E8D41349A122}_is1) (Version: 5.2.8.1 - HyperX)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001080-0220-1029-84C8-B8D95FA3C8C3}) (Version: 22.80.1.1 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{741cd892-0384-4ac9-929f-e3a263d9dc07}) (Version: 22.80.1.1 - Intel Corporation) Hidden
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.49 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.49 - Dominik Reichl)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Malwarebytes version 4.5.20.230 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.20.230 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.61 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.61 - Microsoft Corporation)
Microsoft Office LTSC Standard 2021 - cs-cz (HKLM\...\Standard2021Volume - cs-cz) (Version: 16.0.14332.20447 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\OneDriveSetup.exe) (Version: 22.253.1204.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29913 (HKLM-x32\...\{572DCD10-CF2E-43D1-8151-8BD9AC9086D0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29913 (HKLM-x32\...\{6236EBBD-F50F-40B3-B819-8DB0C608308C}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2022.1215.01 - MSI)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20447 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20447 - Microsoft Corporation) Hidden
qBittorrent 4.4.5 (HKLM-x32\...\qBittorrent) (Version: 4.4.5 - The qBittorrent project)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9257.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.051.0811.2021 - Realtek)
Registrace tiskárny (HKLM-x32\...\Canon EISRegistration) (Version: 1.9.0 - Canon Inc.)
RyzenMasterSDK (HKLM\...\{85A2A688-4A95-4298-9FEC-F18F42B8EB7E}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Sapphire TRIXX 8.6.0 (HKLM-x32\...\{49272457-BEDE-4A3A-808F-7BBD4840E85B}_is1) (Version: 8.6.0 - Sapphire)
SearchTool version v2.23 (HKLM-x32\...\{8DEF09DE-EFAB-4E6E-A337-1DB1B24C66F0}_is1) (Version: v2.23 - )
Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)
SequoiaView (HKLM-x32\...\SequoiaView) (Version: - )
Spotify (HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Spotify) (Version: 1.2.3.1115.gd61a8f5c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.841 - TLauncher Inc.)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 128.0.10632 - Ubisoft)
Verbatim_SureFireGaming_Product (HKLM\...\{35CB65C6-A7E3-4EE7-AD40-738D70A72164}) (Version: 1.0.3.11 - Verbatim) Hidden
Verbatim_SureFireGaming_Product (HKLM-x32\...\{d601832a-0d94-46ce-9b19-78e8a5887313}) (Version: 1.0.3.11 - Verbatim) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.2.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
War Thunder Launcher 1.0.3.295 (HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
Wargaming.net Game Center (HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\Wargaming.net Game Center) (Version: 22.6.0.1216 - Wargaming.net)
WD P40 Game Drive (HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD P40 Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
web control version 1.0.0.9 (HKLM-x32\...\{7DEBACD4-13DE-46DF-974F-F3F264D1E897}_is1) (Version: 1.0.0.9 - )
web control version 3.0.7.1 (HKLM-x32\...\{F88ED86C-0010-4943-BA16-72E4184E31ED}_is1) (Version: 3.0.7.1 - )
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WinRAR 6.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)

Packages:
=========
7-Zip File Manager (Unofficial) -> C:\Program Files\WindowsApps\HaukeGtze.7-ZipFileManagerUnofficial_1.2201.1.0_x64__6bk20wvc8rfx2 [2023-01-04] (Hauke Hasselberg)
AMD Link -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDLink_10.22.20004.0_x64__0a9344xs7nr4m [2022-12-18] (Advanced Micro Devices Inc.)
Canon Inkjet Smart Connect -> C:\Program Files\WindowsApps\34791E63.CanonInkjetSmartConnect_1.3.3.0_x64__6e5tt8cgb93ep [2023-01-21] (Canon Inc.) [Startup Task]
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-16] (Microsoft Corporation)
MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.6.0_x64__kzh8wxbdkxb8p [2023-01-22] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
MSI Game Bar -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSIGameBar_2.0.5.0_x64__kzh8wxbdkxb8p [2022-11-21] (MICRO-STAR INTERNATIONAL CO., LTD)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.30.258.0_x64__dt26b99r8h8gj [2022-01-08] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-01-20] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-17] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-17] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-12-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2022-11-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-17] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => C:\ProgramData\AllDup\FEShlExt.dll [2008-08-21] (Alex Yakovlev) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-12-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Dji - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2022-11-03 11:42 - 2022-11-03 11:42 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 000323072 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 005441536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2022-01-09 21:56 - 2016-07-26 15:10 - 000084992 _____ () [File not signed] C:\Program Files (x86)\HyperX\NGenuity\Device\Cloud Flight\HidDevice.dll
2022-01-09 21:55 - 2016-07-26 15:10 - 000084992 _____ () [File not signed] C:\Program Files (x86)\HyperX\NGenuity\HidDevice.dll
2022-11-03 11:42 - 2022-11-03 11:42 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2022-01-02 22:25 - 2018-11-15 14:08 - 002200784 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [File not signed] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\IcMSIDll.dll
2022-01-02 22:22 - 2022-01-02 22:22 - 002972368 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [File not signed] C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.6.0_x64__kzh8wxbdkxb8p\DCv2\Device\GM6070\IcMSIDll.dll
2022-11-03 11:47 - 2022-11-03 11:47 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2022-11-03 11:42 - 2022-11-03 11:42 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2022-11-03 11:42 - 2022-11-03 11:42 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2021-02-22 20:38 - 2021-02-22 20:38 - 000990720 _____ (JMicron Technology Co.) [File not signed] C:\Program Files\ENE\Aac_ENE_X-JMI_HAL\JMFWUpdateDll.dll
2022-11-03 11:45 - 2022-11-03 11:45 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:err [1968]
AlternateDataStreams: C:\Users\All Users:err [1968]
AlternateDataStreams: C:\ProgramData\Data aplikací:err [1968]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10418]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_321\bin\ssv.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-17] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Miroslav\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\1071437.jpg
DNS Servers: 10.1.0.254 - 10.1.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run: => "CL-26-5BF6A136-F6D4-4C83-87D3-7BAE54B21E53"
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3279423208-2824119255-3985258815-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BA740BA5-6461-495A-B214-B73F3EC947F5}C:\program files (x86)\call of duty vanguard\vanguard.exe] => (Allow) C:\program files (x86)\call of duty vanguard\vanguard.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{A6AD3703-B2D4-4CDA-A0CA-1CD0383045C4}C:\program files (x86)\call of duty vanguard\vanguard.exe] => (Allow) C:\program files (x86)\call of duty vanguard\vanguard.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{859DF49F-211F-49D1-9C1D-AD8B98A06289}C:\users\miroslav\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\miroslav\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query User{D4024EB0-B1B9-46C9-AEC9-451CF185666D}C:\users\miroslav\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\miroslav\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [TCP Query User{979DFF54-1A8C-429E-913A-7ECFE7A71015}C:\users\miroslav\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\miroslav\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{CD6E202C-4C73-459C-AC7C-5E321760E7D2}C:\users\miroslav\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\miroslav\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{E5B9A7A6-05D6-4DA5-AC8E-334558312C2C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7B98050B-9894-4F7A-A6B7-FFB01F64AF99}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BABEC18A-C9B0-44C3-814E-71A3A326506F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{816550D4-9745-4A03-961A-467C769E964F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4177A771-889D-4909-AE0A-C0EA832282BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{9F04A053-D824-498B-9F9F-5676955B4AF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [TCP Query User{91185C5E-4035-4517-8A05-ECA5829E63D6}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{600DFABD-D296-42EB-B339-09B573D4F96D}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{953E4A9F-46E7-42A0-9A68-EDEB0BE7361E}] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{521864E7-8B59-43F3-B84A-41D9DCB48A5B}] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{9BEDDD42-2BC9-453A-8997-E7F6E1A0A69E}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{202BFC52-EED2-4DE8-879E-980BF938F5BD}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{46DAC06A-B614-4D32-913B-C159727A3966}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{9798916C-A87F-42AC-89E2-94B3D6280BAD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{1A9BC961-DB08-4568-BF0D-E4D160EE2CA2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{428B9CF7-564E-44D3-BD90-E11425856FCA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [TCP Query User{85547DB3-D744-4784-A3A0-E50ADD0A9810}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{0A6C1E36-AABB-495F-9FB9-1BB6612D14F1}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{69547133-D5EE-4C14-9370-F0DB28F07B44}\\wdmycloudamos\public\wanscam tool\ipcameratool.exe] => (Allow) \\wdmycloudamos\public\wanscam tool\ipcameratool.exe () [File not signed]
FirewallRules: [UDP Query User{4BDB08C4-C477-4073-BA4E-50D44978BB05}\\wdmycloudamos\public\wanscam tool\ipcameratool.exe] => (Allow) \\wdmycloudamos\public\wanscam tool\ipcameratool.exe () [File not signed]
FirewallRules: [TCP Query User{8633641E-890D-41F0-854B-A1E851A4F957}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{3FBE9EDA-C533-4AA1-9F92-A9FBADAC11DB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1959E81E-B3EF-4E18-8B60-76BD25DAD073}H:\zombie army 4 - dead war\bin\za4_vulkan.exe] => (Block) H:\zombie army 4 - dead war\bin\za4_vulkan.exe => No File
FirewallRules: [UDP Query User{2925DB99-47A2-4905-AC73-A56822798131}H:\zombie army 4 - dead war\bin\za4_vulkan.exe] => (Block) H:\zombie army 4 - dead war\bin\za4_vulkan.exe => No File
FirewallRules: [{4658E5A9-3F80-4224-A72D-F4E71488880F}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe => No File
FirewallRules: [{8CA360C4-D9EA-462A-878C-CF45703BC0A0}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe => No File
FirewallRules: [TCP Query User{81B0491D-1D93-40AE-ADFD-902B1BFEC600}C:\program files\bitwarden\bitwarden.exe] => (Allow) C:\program files\bitwarden\bitwarden.exe (8bit Solutions LLC -> Bitwarden Inc.)
FirewallRules: [UDP Query User{D3B7A58A-F7F5-46DD-9D25-AED217946041}C:\program files\bitwarden\bitwarden.exe] => (Allow) C:\program files\bitwarden\bitwarden.exe (8bit Solutions LLC -> Bitwarden Inc.)
FirewallRules: [TCP Query User{6718761D-29C7-420B-B6D3-419EB6BC4F40}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{A7EB20A9-EAE6-430A-8A98-26D1BDFAB79D}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7BBBE20E-A17D-4FEE-8124-13B72F3B5550}C:\program files (x86)\searchtool\searchtool.exe] => (Allow) C:\program files (x86)\searchtool\searchtool.exe () [File not signed]
FirewallRules: [UDP Query User{432BB798-CD53-41D0-89E6-627C3365FA73}C:\program files (x86)\searchtool\searchtool.exe] => (Allow) C:\program files (x86)\searchtool\searchtool.exe () [File not signed]
FirewallRules: [TCP Query User{91209EFE-11C7-4C9C-A20F-FD4615250382}C:\program files (x86)\hip2p client\p2pclient.exe] => (Allow) C:\program files (x86)\hip2p client\p2pclient.exe () [File not signed]
FirewallRules: [UDP Query User{FEE59337-83AA-469E-A90D-F1846A22D863}C:\program files (x86)\hip2p client\p2pclient.exe] => (Allow) C:\program files (x86)\hip2p client\p2pclient.exe () [File not signed]
FirewallRules: [TCP Query User{B39B26C7-6B99-4FA1-B088-D6585DDD2A0B}C:\program files (x86)\ubisoft\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix_vulkan.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix_vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [UDP Query User{2719B593-F550-41D6-93B9-FCC7E43ED152}C:\program files (x86)\ubisoft\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix_vulkan.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\tom clancy's rainbow six siege\rainbowsix_vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [TCP Query User{CCB62D44-4D31-485A-A592-326C6564656C}C:\users\miroslav\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\miroslav\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{F76FDE5B-6846-495C-99DC-6F6763F38B91}C:\users\miroslav\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\miroslav\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{8DA56E84-228F-450D-A8CC-2A9F42D093B1}H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{C39CAD00-CADC-4203-A537-4E4D0FB342C4}H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{2C00879C-A854-462E-88F0-C4AB85D94E81}C:\users\miroslav\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\miroslav\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{A07F5C15-6A0D-457E-8D0A-21A86CC5754F}C:\users\miroslav\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\miroslav\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe
FirewallRules: [TCP Query User{D31D6695-8EA9-43B7-AA2E-EE2C56C4C966}H:\raft\raft\raft.exe] => (Block) H:\raft\raft\raft.exe () [File not signed]
FirewallRules: [UDP Query User{CCB32E15-F3AD-4F3E-A6B8-C7F5BCA52429}H:\raft\raft\raft.exe] => (Block) H:\raft\raft\raft.exe () [File not signed]
FirewallRules: [TCP Query User{A837763A-30A3-4DD4-ABCE-C2F6015A94B3}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{FBE1C7AE-C8AE-4F90-9495-AC2145C44F13}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{2A540368-A1C5-445F-96DC-F784C6CA9637}C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{83AC77C4-89A2-40CA-BCF4-603B63B7F0AF}C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{74012628-84C5-4DF3-A02B-D65422C08017}C:\program files\amd\cnext\cnext\radeonsoftware.exe] => (Allow) C:\program files\amd\cnext\cnext\radeonsoftware.exe (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [UDP Query User{B4DFDB77-D5A7-4CA5-B565-72F8236B2613}C:\program files\amd\cnext\cnext\radeonsoftware.exe] => (Allow) C:\program files\amd\cnext\cnext\radeonsoftware.exe (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [{66277BC1-4B41-4D33-A633-346EF7968CA0}] => (Allow) C:\Program Files\AMD\CNext\CNext\amddvr.exe => No File
FirewallRules: [{23E6BF22-5EF8-492B-82DE-76CB61996888}] => (Allow) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [{122E69F1-B4FF-45C1-BED7-CDA15014D745}] => (Allow) C:\Program Files\AMD\CNext\CNext\Radeonsoftware.exe (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [{02761C45-39B1-4D9B-9CF3-DDC577325396}] => (Allow) C:\Program Files\AMD\CNext\CNext\AMDLink.exe => No File
FirewallRules: [TCP Query User{70D1311E-3D6B-4912-84EC-D248765EF200}H:\riot games\riot client\riotclientservices.exe] => (Block) H:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{33958B2C-0556-4617-8867-B228CE0CD6C7}H:\riot games\riot client\riotclientservices.exe] => (Block) H:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{4C779590-0066-4EB0-9679-2393E8F6462F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{75CDD733-6C1F-4D19-80EF-D890D0CB0632}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{E7169B3A-201C-4E49-8674-F3FDCC04DA38}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{AAC84702-858E-4EFB-A3BF-3214EB1F2A77}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [TCP Query User{BFB02BE3-E4B3-4DE6-9757-FB5093BCC2F9}C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe] => (Allow) C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe => No File
FirewallRules: [UDP Query User{129EE6B3-E3E5-449E-A532-176FB62FE358}C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe] => (Allow) C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe => No File
FirewallRules: [TCP Query User{842B2C49-AAC4-4454-B169-5E046FD9B06B}C:\users\miroslav\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Block) C:\users\miroslav\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{AB927734-BBC1-4BBE-BD9C-20626B54CB98}C:\users\miroslav\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Block) C:\users\miroslav\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{1C98CD33-DA13-42A6-B257-140DB90C6419}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe => No File
FirewallRules: [UDP Query User{4922CFAC-103F-4F37-A6C3-043E0BA4A8EE}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe => No File
FirewallRules: [TCP Query User{BA2F6BD9-34EA-4A42-BC4F-3738D513B43E}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{70D67588-9DE8-4A11-89B3-D0E36C316DEB}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{66A2B246-123A-407C-8E70-EA91B50E548E}C:\program files (x86)\call of duty\_beta_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_beta_\cod.exe => No File
FirewallRules: [UDP Query User{55CC9815-6F41-409C-B3D5-1E1FC79A1C9F}C:\program files (x86)\call of duty\_beta_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_beta_\cod.exe => No File
FirewallRules: [TCP Query User{35CC9603-033A-407C-9E8C-0D853D2D34D0}C:\users\miroslav\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\miroslav\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0F9E1DF9-E414-4D1F-89E7-96CEC43DEA71}C:\users\miroslav\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\miroslav\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{4FEA7450-00D4-422F-8B63-63291A5C6D4D}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{169FBD50-02DD-4369-930D-9B58C0DA4294}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{8C959B39-5E65-42ED-8591-3E255149FA5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{7365CEB3-CA04-412B-95B6-F795D5DE97F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{3BE52AB5-E482-4254-868D-EA52DF1D37F9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30128B15-4C55-46A9-AB9D-7E5B3B93CE0B}] => (Allow) LPort=1688
FirewallRules: [{E1454604-52F2-4367-B2DD-EB24DEAF38B1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{BBD4D2B9-A0FF-4FCC-B373-5191D19479EF}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{A2F3E1B6-7EBB-4572-996F-AFC8361DA6B4}C:\program files (x86)\canon\easy-photoprint editor\cneppeditor.exe] => (Allow) C:\program files (x86)\canon\easy-photoprint editor\cneppeditor.exe (Canon Inc. -> Canon Inc.)
FirewallRules: [UDP Query User{05D6A757-B4E9-4B23-8218-28EBA5D195BB}C:\program files (x86)\canon\easy-photoprint editor\cneppeditor.exe] => (Allow) C:\program files (x86)\canon\easy-photoprint editor\cneppeditor.exe (Canon Inc. -> Canon Inc.)
FirewallRules: [{E8E81B39-A554-4B51-B04B-302C5BF7B350}] => (Allow) H:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{58B8C294-2E06-4F6D-AF16-4A4CBA709F2A}] => (Allow) H:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{381DF73A-B891-4BBE-9F63-99DCFEAFAA62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{43C0F3EB-298A-42DD-A5EE-7631563A5877}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F7CFDE24-322E-44E6-A017-528FB96601AA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E8E9D41-B61A-460D-84B5-60AFE2BFE3BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C985677F-24A6-4D98-97DF-B34CDEC22405}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4EF086D5-F0CA-4949-8CA6-66A3B37D4568}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{CD33FE26-F155-40E1-AFE9-C771207629FE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{85AB2825-DC2B-49CC-87DE-7382769C42B4}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{269CC50E-235A-458C-9396-ED83C78E25E4}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{0878917E-A943-425F-B9E2-1CA34D1C0DCD}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{5CE0D967-81DD-4004-90D0-2B4D6934D59B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1AC22BCC-4040-42C0-ABAB-9AD1B6E55577}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{2B3E0D28-1B7D-406B-9C13-74732596CA4A}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{13D1A48D-12E8-4D67-94A6-211AB1352333}] => (Allow) LPort=32683
FirewallRules: [{E5B16FC2-57A6-4A96-A3B9-912ADE1D843F}] => (Allow) LPort=26822

==================== Restore Points =========================

21-01-2023 00:01:04 Revo Uninstaller Pro's restore point - Origin
22-01-2023 12:13:33 EA app
23-01-2023 21:53:27 Nainstalováno rozhraní DirectX

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/25/2023 03:31:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/25/2023 03:03:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x8007139F
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/25/2023 03:02:46 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\HOLUB$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 25 Jan 2023 14:02:46 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d7202616-707c-4976-b58f-238f5799260f

Metoda: GET(360ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/24/2023 03:47:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/24/2023 03:47:01 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru C:\Windows\System32\fcon.dll z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Tasks.

Program: Host Process for Windows Tasks
Soubor: C:\Windows\System32\fcon.dll

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C0000010
Typ disku: 3

Error: (01/24/2023 03:47:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: taskhostw.exe, verze: 10.0.19041.1865, časové razítko: 0x460f7f71
Název chybujícího modulu: fcon.dll, verze: 10.0.19041.2486, časové razítko: 0x2a7710d7
Kód výjimky: 0xc0000006
Posun chyby: 0x0000000000012830
ID chybujícího procesu: 0x1c54
Čas spuštění chybující aplikace: 0x01d93002b70b6369
Cesta k chybující aplikaci: C:\Windows\system32\taskhostw.exe
Cesta k chybujícímu modulu: C:\Windows\system32\fcon.dll
ID zprávy: e6c34c25-a8c6-4213-9002-41b31af6931e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/24/2023 03:46:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x8007139F
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/24/2023 03:46:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x8007139F
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent


System errors:
=============
Error: (01/25/2023 03:04:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba CCleaner Browser Update (ccleaner) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/25/2023 12:48:38 AM) (Source: DCOM) (EventID: 10010) (User: HOLUB)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/25/2023 12:48:38 AM) (Source: DCOM) (EventID: 10010) (User: HOLUB)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/25/2023 12:48:38 AM) (Source: DCOM) (EventID: 10010) (User: HOLUB)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/25/2023 12:48:38 AM) (Source: DCOM) (EventID: 10010) (User: HOLUB)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/25/2023 12:48:38 AM) (Source: DCOM) (EventID: 10010) (User: HOLUB)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/25/2023 12:48:38 AM) (Source: DCOM) (EventID: 10010) (User: HOLUB)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/25/2023 12:48:38 AM) (Source: DCOM) (EventID: 10010) (User: HOLUB)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2022-10-22 11:17:16
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {29D9B9B7-5CEB-47AB-B4DB-3F4003586836}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-10-19 16:43:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {96B2779B-4546-4C05-9BB5-9C46348B670E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-10-15 09:03:58
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/WinActivator
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_\\WDMYCLOUDAMOS\Public\Programy na windows 10\Aktivator Windows 10-11 Funguje! Trvalý aktivátor\hwid.kms38.gen.mk6.exe
Původ detekce: Sdílená síťová složka
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: HOLUB\Miroslav
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.377.255.0, AS: 1.377.255.0, NIS: 1.377.255.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-15 09:01:58
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F583230D-127A-4373-B6CA-3521721B14AE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: HOLUB\Miroslav

Date: 2022-10-14 23:27:32
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/WinActivator
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Miroslav\Downloads\Aktivator Windows 10-11 Funguje! Trvalý aktivátor\hwid.kms38.gen.mk6.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: HOLUB\Miroslav
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.377.228.0, AS: 1.377.228.0, NIS: 1.377.228.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3
Event[0]:

Date: 2022-10-09 07:40:00
Description:
Modul programu Antivirová ochrana v programu Microsoft Defender byl ukončen v důsledku neočekávané chyby.
Typ chyby: Chyba
Kód výjimky: 0xc0000006
Zdroj: file:C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

CodeIntegrity:
===============
Date: 2023-01-25 15:05:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends International, LLC. 1.B0 08/11/2022
Motherboard: Micro-Star International Co., Ltd. MAG X570 TOMAHAWK WIFI (MS-7C84)
Processor: AMD Ryzen 9 3900X 12-Core Processor
Percentage of memory in use: 18%
Total physical RAM: 32693 MB
Available physical RAM: 26549.79 MB
Total Virtual: 37557 MB
Available Virtual: 28883.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.9 GB) (Free:142.71 GB) (Model: KINGSTON SA2000M81000G) NTFS
Drive d: (FOTKY original 2TB) (Fixed) (Total:1863.01 GB) (Free:1189.91 GB) (Model: WDC WD20EZRX-00D8PB0) NTFS
Drive g: (Odkládací souboru pro adobe-1,5T) (Fixed) (Total:1397.26 GB) (Free:1053.06 GB) (Model: WDC WD15EARS-00S8B1) NTFS
Drive h: (Stare SSD 500GB) (Fixed) (Total:460.16 GB) (Free:152.63 GB) (Model: Samsung SSD 850 EVO 500GB) NTFS
Drive j: (Novy disk 6TB - DRON) (Fixed) (Total:5588.9 GB) (Free:3499.23 GB) (Model: WDC WD60EFAX-68SHWN0) NTFS

\\?\Volume{5fb83aec-226d-47da-9df6-756db1c9d348}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{79366b21-0000-0000-0000-a01073000000}\ () (Fixed) (Total:0.84 GB) (Free:0.81 GB) NTFS
\\?\Volume{356edc10-4b03-4a77-b471-fef1cb52df54}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 30741A27)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: F5A5D5C7)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 79366B21)
Partition 1: (Not Active) - (Size=460.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=864 MB) - (Type=27)

==========================================================
Disk: 3 (Protective MBR) (Size: 5589 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: 60266E4C)

Partition: GPT.

==================== End of Addition.txt =======================


Re: Hacked via Discord

#5 Post by Rudy »

OK, now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply


Re: Hacked via Discord

#6 Post by Hanka130 »

OK, sending the next log:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-25-2023
# Duration: 00:00:06
# OS: Windows 10 (Build 19045.2486)
# Scanned: 32104
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1420 octets] - [26/09/2022 15:25:08]
AdwCleaner[S01].txt - [1481 octets] - [26/09/2022 15:25:45]
AdwCleaner[C01].txt - [1671 octets] - [26/09/2022 15:26:16]
AdwCleaner[S02].txt - [1603 octets] - [27/09/2022 20:35:17]
AdwCleaner[C02].txt - [1793 octets] - [27/09/2022 20:35:29]
AdwCleaner[S03].txt - [1725 octets] - [27/09/2022 20:35:44]
AdwCleaner[S04].txt - [1786 octets] - [27/09/2022 20:35:52]
AdwCleaner[C04].txt - [1976 octets] - [27/09/2022 20:36:10]
AdwCleaner[S05].txt - [1908 octets] - [24/01/2023 22:56:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S06].txt ##########


Re: Hacked via Discord

#7 Post by Rudy »

This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
AlternateDataStreams: C:\ProgramData:err [1968]
AlternateDataStreams: C:\Users\All Users:err [1968]
AlternateDataStreams: C:\ProgramData\Data aplikací:err [1968]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10418]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FirewallRules: [TCP Query User{1959E81E-B3EF-4E18-8B60-76BD25DAD073}H:\zombie army 4 - dead war\bin\za4_vulkan.exe] => (Block) H:\zombie army 4 - dead war\bin\za4_vulkan.exe => No File
FirewallRules: [UDP Query User{2925DB99-47A2-4905-AC73-A56822798131}H:\zombie army 4 - dead war\bin\za4_vulkan.exe] => (Block) H:\zombie army 4 - dead war\bin\za4_vulkan.exe => No File
FirewallRules: [{4658E5A9-3F80-4224-A72D-F4E71488880F}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe => No File
FirewallRules: [{8CA360C4-D9EA-462A-878C-CF45703BC0A0}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe => No File
FirewallRules: [TCP Query User{8DA56E84-228F-450D-A8CC-2A9F42D093B1}H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{C39CAD00-CADC-4203-A537-4E4D0FB342C4}H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{66277BC1-4B41-4D33-A633-346EF7968CA0}] => (Allow) C:\Program Files\AMD\CNext\CNext\amddvr.exe => No File
FirewallRules: [{02761C45-39B1-4D9B-9CF3-DDC577325396}] => (Allow) C:\Program Files\AMD\CNext\CNext\AMDLink.exe => No File
FirewallRules: [TCP Query User{BFB02BE3-E4B3-4DE6-9757-FB5093BCC2F9}C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe] => (Allow) C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe => No File
FirewallRules: [UDP Query User{129EE6B3-E3E5-449E-A532-176FB62FE358}C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe] => (Allow) C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe => No File
FirewallRules: [TCP Query User{1C98CD33-DA13-42A6-B257-140DB90C6419}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe => No File
FirewallRules: [UDP Query User{4922CFAC-103F-4F37-A6C3-043E0BA4A8EE}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe => No File
FirewallRules: [TCP Query User{66A2B246-123A-407C-8E70-EA91B50E548E}C:\program files (x86)\call of duty\_beta_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_beta_\cod.exe => No File
FirewallRules: [UDP Query User{55CC9815-6F41-409C-B3D5-1E1FC79A1C9F}C:\program files (x86)\call of duty\_beta_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_beta_\cod.exe => No File
C:\Users\Miroslav\Downloads\Aktivator Windows 10-11

EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.


Re: Hacked via Discord

#8 Post by Hanka130 »

Done, sending the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-01-2023
Ran by Miroslav (25-01-2023 22:49:03) Run:1
Running from C:\Users\Miroslav\Desktop
Loaded Profiles: Miroslav
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
AlternateDataStreams: C:\ProgramData:err [1968]
AlternateDataStreams: C:\Users\All Users:err [1968]
AlternateDataStreams: C:\ProgramData\Data aplikací:err [1968]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10418]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FirewallRules: [TCP Query User{1959E81E-B3EF-4E18-8B60-76BD25DAD073}H:\zombie army 4 - dead war\bin\za4_vulkan.exe] => (Block) H:\zombie army 4 - dead war\bin\za4_vulkan.exe => No File
FirewallRules: [UDP Query User{2925DB99-47A2-4905-AC73-A56822798131}H:\zombie army 4 - dead war\bin\za4_vulkan.exe] => (Block) H:\zombie army 4 - dead war\bin\za4_vulkan.exe => No File
FirewallRules: [{4658E5A9-3F80-4224-A72D-F4E71488880F}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe => No File
FirewallRules: [{8CA360C4-D9EA-462A-878C-CF45703BC0A0}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe => No File
FirewallRules: [TCP Query User{8DA56E84-228F-450D-A8CC-2A9F42D093B1}H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{C39CAD00-CADC-4203-A537-4E4D0FB342C4}H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{66277BC1-4B41-4D33-A633-346EF7968CA0}] => (Allow) C:\Program Files\AMD\CNext\CNext\amddvr.exe => No File
FirewallRules: [{02761C45-39B1-4D9B-9CF3-DDC577325396}] => (Allow) C:\Program Files\AMD\CNext\CNext\AMDLink.exe => No File
FirewallRules: [TCP Query User{BFB02BE3-E4B3-4DE6-9757-FB5093BCC2F9}C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe] => (Allow) C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe => No File
FirewallRules: [UDP Query User{129EE6B3-E3E5-449E-A532-176FB62FE358}C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe] => (Allow) C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe => No File
FirewallRules: [TCP Query User{1C98CD33-DA13-42A6-B257-140DB90C6419}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe => No File
FirewallRules: [UDP Query User{4922CFAC-103F-4F37-A6C3-043E0BA4A8EE}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe => No File
FirewallRules: [TCP Query User{66A2B246-123A-407C-8E70-EA91B50E548E}C:\program files (x86)\call of duty\_beta_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_beta_\cod.exe => No File
FirewallRules: [UDP Query User{55CC9815-6F41-409C-B3D5-1E1FC79A1C9F}C:\program files (x86)\call of duty\_beta_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_beta_\cod.exe => No File
C:\Users\Miroslav\Downloads\Aktivator Windows 10-11

EmptyTemp:
End
*****************

Processes closed successfully.
C:\ProgramData => ":err" ADS could not remove.
C:\Users\All Users => ":err" ADS could not remove.
C:\ProgramData\Data aplikací => ":err" ADS could not remove.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1959E81E-B3EF-4E18-8B60-76BD25DAD073}H:\zombie army 4 - dead war\bin\za4_vulkan.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2925DB99-47A2-4905-AC73-A56822798131}H:\zombie army 4 - dead war\bin\za4_vulkan.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4658E5A9-3F80-4224-A72D-F4E71488880F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8CA360C4-D9EA-462A-878C-CF45703BC0A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8DA56E84-228F-450D-A8CC-2A9F42D093B1}H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C39CAD00-CADC-4203-A537-4E4D0FB342C4}H:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66277BC1-4B41-4D33-A633-346EF7968CA0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02761C45-39B1-4D9B-9CF3-DDC577325396}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BFB02BE3-E4B3-4DE6-9757-FB5093BCC2F9}C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{129EE6B3-E3E5-449E-A532-176FB62FE358}C:\users\miroslav\appdata\local\temp\rar$exa13040.37779\raft\raft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1C98CD33-DA13-42A6-B257-140DB90C6419}C:\windows\kmsemulator.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4922CFAC-103F-4F37-A6C3-043E0BA4A8EE}C:\windows\kmsemulator.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{66A2B246-123A-407C-8E70-EA91B50E548E}C:\program files (x86)\call of duty\_beta_\cod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{55CC9815-6F41-409C-B3D5-1E1FC79A1C9F}C:\program files (x86)\call of duty\_beta_\cod.exe" => removed successfully
"C:\Users\Miroslav\Downloads\Aktivator Windows 10-11" => not found

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 4194304 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 356374005 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 649900577 B
Windows/system/drivers => 4588837 B
Edge => 0 B
Chrome => 985638787 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 4028768 B
LocalService => 4764102 B
NetworkService => 4863080 B
Miroslav => 188559665 B

RecycleBin => 1381007763 B
EmptyTemp: => 3.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:49:20 ====
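
An added example (not part of the thread and not FRST's own code): a small Python parser that groups the result lines of a Fixlog like the one above by outcome, so entries the fix did not apply stand out from the ones it did. The line shapes are inferred from this one log rather than from a format specification, and the sample is an abridged copy of lines from it; `parse_fixlog` and `needs_followup` are names chosen for this example.

```python
import re

# Abridged sample assembled from the Fixlog posted above (constructed excerpt).
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Start
FirewallRules: [{4658E5A9-3F80-4224-A72D-F4E71488880F}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe => No File
End
*****************

Processes closed successfully.
C:\ProgramData => ":err" ADS could not remove.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4658E5A9-3F80-4224-A72D-F4E71488880F}" => removed successfully
"C:\Users\Miroslav\Downloads\Aktivator Windows 10-11" => not found

=========== EmptyTemp: ==========

FlushDNS => completed
Chrome => 985638787 B
EmptyTemp: => 3.3 GB temporary data Removed.

The system needed a reboot.
'''

STAR_LINE = re.compile(r"^\*{5,}$")               # delimits the echoed fixlist
ADS_DETAIL = re.compile(r'^"(:[^"]+)" ADS (.+)$')  # e.g. ":err" ADS could not remove.


def classify(outcome):
    """Map the text after the last ' => ' to a coarse status."""
    low = outcome.lower()
    if "could not" in low:
        return "FAILED"
    if low.startswith("not found"):
        return "NOT_FOUND"
    if "successfully" in low or low.rstrip(".") == "completed":
        return "OK"
    return "INFO"  # byte counts and the EmptyTemp total


def parse_fixlog(text):
    """Return (target, status, detail) for every result line in a Fixlog."""
    entries = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if STAR_LINE.match(line):
            # The fixlist is echoed between two rows of asterisks; its
            # lines also contain ' => ' but are requests, not results.
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        if len(target) >= 2 and target[0] == target[-1] == '"':
            target = target[1:-1]
        ads = ADS_DETAIL.match(outcome)
        if ads:
            # Attach the stream name to the path it belongs to.
            target += ads.group(1)
            outcome = ads.group(2)
        entries.append((target, classify(outcome), outcome.rstrip(".")))
    return entries


def needs_followup(entries):
    """Entries whose requested action was not carried out."""
    return [e for e in entries if e[1] in ("FAILED", "NOT_FOUND")]


if __name__ == "__main__":
    for target, status, detail in needs_followup(parse_fixlog(SAMPLE_FIXLOG)):
        print(f"{status:9} {target}  ({detail})")
```
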


Re: Hacked via Discord

#9 Post by Rudy »

Deleted; the PC should be clean now.


Re: Hacked via Discord

#10 Post by Hanka130 »

Was there any serious virus on the PC, or did the attacker only steal e-mail addresses? Is there any way to find out what was stolen?
Thank you for the help :worship: :happy:


Re: Hacked via Discord

#11 Post by Rudy »

Your e-mail was most likely attacked by an outside attacker who cracked the password. The PC only had unnecessary clutter on it.